IOC Radar
IP · High · Verified · Signal 86/100

2.1.2.1

Location: United States (Washington, District of Columbia)
First Seen: Sep 26, 2025 (274d ago)
Last Seen: Jun 26, 2026 (yesterday)
Reports: 80 source reports
Confidence: 95% (high)
Found in 80 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 95%
Signal Score: 86 / 100
IDS Rule: Yes
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

40 techniques

Network Information

Country: US (United States)
Region: Washington, District of Columbia
Organization: Oracle America Inc

Feed Intelligence Summary

80 reports · 95% confidence
Abuse.ch URLhaus: 4469 IOCs in report
Abuse.ch URLhaus: 4471 IOCs in report
Abuse.ch URLhaus: 4590 IOCs in report
Abuse.ch URLhaus: 4473 IOCs in report
Abuse.ch URLhaus: 4590 IOCs in report
Abuse.ch URLhaus: 4475 IOCs in report
Abuse.ch URLhaus: 4477 IOCs in report
Abuse.ch URLhaus: 4479 IOCs in report
Abuse.ch URLhaus: 4481 IOCs in report
Abuse.ch URLhaus: 4583 IOCs in report

Activity Timeline

75 total obs
Jun 26 · Jun 22

Threat Activity Heatmap

[Heatmap: threat activity by day of week (Mon, Wed, Fri shown), Jun through Jun; scale from Less to More]
24h: 0 (Dormant)
7d: 75 (Critical)
30d: 75 (Critical)
3mo: 75 (Critical)
Threat Score: High Risk
Signal Score: 86
Confidence: 95%
Reports: 80
First seen: Sep 26, 2025
Last seen: Jun 26, 2026
Verified IOC
Geolocation: US
Country: United States
Location: Washington, District of Columbia
Org: Oracle America Inc
Coords: 48.8582, 2.3387

VirusTotal

Not checked

WHOIS

description
DiabloFans.com redirects to curse.llc, a Shopify storefront offering witchcraft-related products and/or services. It will take time to break down the true intent of the website. Maybe it’s hacked, maybe it’s a tool. I think targeting is involved because of the constant appearance of diablofans.com in various types of research over time, including a most recent pulse related to a target. There are multiple checkins, bots, Trojans, worms, etc. This entire pulse will be populated by OTX; I won’t be able to annotate for this pulse. Let’s see what happens. #Lowfi:HSTR:MSIL/Obfuscator.Deepsea.C
raw
inetnum: 2.1.0.0 - 2.1.255.255
netname: ORCL-AMER-OCI-21
country: US
admin-c: ORCL1-RIPE
tech-c: ORCL1-RIPE
status: SUB-ALLOCATED PA
org: ORG-OAI2-RIPE
mnt-by: ORCL-MNT
created: 2024-10-04T14:22:49Z
last-modified: 2024-10-04T14:22:49Z
source: RIPE

organisation: ORG-OAI2-RIPE
org-name: Oracle America Inc.
country: US
org-type: OTHER
address: 2300 Oracle Way Austin, TX 78741 USA
abuse-c: AR17199-RIPE
mnt-ref: ORCL-MNT
mnt-by: ORCL-MNT
created: 2023-05-02T20:16:11Z
last-modified: 2023-05-05T09:48:35Z
source: RIPE # Filtered

role: Domain Administrator
address: 500 Oracle Parkway, M/S 501ip3
address: Redwood Shores
address: CA, 94065
admin-c: RN3825-RIPE
admin-c: CM16298-RIPE
admin-c: MP29448-RIPE
admin-c: JH27328-RIPE
admin-c: GB21983-RIPE
admin-c: SS33835-RIPE
abuse-mailbox: [email protected]
nic-hdl: ORCL1-RIPE
mnt-by: ORCL-MNT
created: 2016-03-15T11:29:38Z
last-modified: 2019-02-06T16:27:54Z
source: RIPE # Filtered
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

high
First detected 9 months ago · Last seen 1 day ago
Appeared in 80 threat reports from 10 sources
Associated with: Play, Hive, Sandworm, Turla
Used by malware: Nmap, Mozi, Frp, FormBook, AgentTesla, XWorm, Aurora, Cobalt Strike, Gh0st RAT, PowerShell Empire, Play, Stealc, Mirai, Vidar, Mythic, Metasploit, Hive, Fscan, META Stealer